Ray Van Eng (05/01/97)
The finalized version of the Secure Electronic Transaction (SET) protocol co-authored by Visa and Mastercard and intended for handling secure credit card shopping activities over the Internet will be released on June 1. Currently, e-commerce software that incorporates SET is in various stages of testing around the world. With the IBM Net.Commerce software running on the web servers, Europay officials were able to buy a book and some plane tickets over the Internet in three separate instances between Norway and Denmark, thereby accomplished the first cross-border SET enabled transactions in Europe. In the United States, Wells Fargo Bank and Concentric Network are putting SET in pilot tests with merchants and consumers. In Japan, Fuji Bank announced they have about 10,000 customers taking part in a SET program and the number could increase to 100,000 by the end of 1997. Other International test sites include Hong Kong, Taiwan, Malaysia, Korea, South Africa etc. The French has a smart card version of the SET protocol on trial. In Europe, most credit cards are already "smart" and have silicon chips embedded in them. The French C-SET protocol would allow for more positive identification of the card holder than the use of a signature for a regular magnetic credit card transaction and would also open the door for governments to levy taxes should they decided to do so. The European Commission and other major banks in Germany and the U.K. have all agreed to test C-SET. A personal identification number (PIN) is needed for an online transaction or a C-SET enabled encrypted private communication. With C-SET, banks will act as trusted third parties which will hold encryption keys and keep a full record of all transaction for law-enforcement agencies, a concept commonly known as "key escrow" similar to what the Clinton Administration has proposed earlier in the year. Some of the expected major benefits of SET will include lower transaction cost than the existing credit card clearing mode and the reduction in merchant fraud since the credit card numbers won't be revealed to online retailers. Once the SET 1.0 is out this summer, Mastercard says it will start making future versions "security-algorithm-independent". Currently, only the de facto RSA algorithm is approved, but v. 2.0 will likely include other cryptography systems such as the highly touted though not yet fully tested Elliptic Curve Cryptosystem (ECC), championed by Certicom Corp. and Next Computer, now a subsidiary of Apple Computer. ECC is claimed to be much faster than the encryption standard from RSA Data Security which has often been criticized as a "Really Slow Algorithm". The encryption/decryption speed becomes critically important when a commercial web site has to handle a heavy workload of hundreds or perhaps thousands of simultaneous transactions. Visa, a long time competitor to Mastercard stated that different cryptography schemes could lead to compatibility problems in the future. |
© Copyright Ray Van Eng 1997 - 1999. All Rights Reserved.